Telecom operators shall expose USSD APIs. Financial organizations, or payment gateways, eCommerce websites can use these USSD APIs to prompt their customers for password.
This makes a complete seperate authentication channel for online transactions.
USSD menus for authentication
example: A user is buying a product online from his PC/Laptop using his credit card. credit card company shall prompt him on his mobile for password (using USSD menus provided by telecom operator). then the transaction on his PC/Laptop is authorized.
In this scenario, even if his PC is spyed using a key logger or any other tool, hacker can't use for any other transaction.
If the user looses his/her bag, hence both his mobile and card fell in wrong hands, still user is safe because it is password protected. (This is not the case with OTP).
OTP is not safe if card & mobile are lost together.